Hello, Me again. I'm designing an S/MIME product which will allow Zope to generate S/MIME-signed/encrypted mail via a "<dtml-smime>" tag. As designed, <dtml-smime> expects, as a parameter, an Smime object created previously. This is similar to <dtml-sendmail>'s use of an existing MailHost object. Associated with each said Smime object is a signer's private key and a bunch of recipient certificates. These are text files uploaded by the creator of the Smime object. The signer key and recipient certificates should not be "readable" via browser by unauthorised users, for obvious reasons. However, the <dtml-smime> machinery, operating under whatever Zope user id is invoking it, should be able to "read" them, in order to do its S/MIME business. First questions: - What permissions do I give to the uploaded key and certificates objects? - What is the difference between "access contents information" and "view"? - How do I assign permissions programmatically? TIA. Cheers. -- Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps